> Subject: Re: [policyd-users] Disable spamtrap blacklisting
> when sender is null?
> >
> > If Postfix is just getting a DUNNO, that would be what I
> want since I
> > have several more spam checks after policyd. But if it's
> getting an
> > OK, that would break any further spam checks.
> >
>
> According to the documentation, and at least my configurations,
> check_policy_service is always the last smtpd_*_restrictions. policyd
> will never affect the spam checks that are located BEFORE the
> check_policy_service line, which is where you call policyd.
>
Hmm. I'm reading it differently. It looks to me like it's saying the only
"requirement" is to put it after the two rejects listed:
smtpd_recipient_restrictions =
..
reject_unauth_destination
reject_unlisted_recipient
check_policy_service inet:127.0.0.1:10031
..
The dots suggest (to me, anyway) that other restrictions can follow.
That being said, maybe what I need is actually what you say: to put it at the
bottom. Then it wouldn't matter if the answer was OK or DUNNO. I might still
get spammed by false null senders, but not any more than if policyd was higher
in the list and responded with DUNNO to a null. Those senders still have to
make it through the whole list of checks.
Have a look at my current restrictions list. (Postgrey is still in use until I
take the time to move to policyd greylisting.)
smtpd_recipient_restrictions =
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
# all users must auth
permit_sasl_authenticated,
# mynetworks only lists servers, not LAN
permit_mynetworks,
reject_unlisted_recipient,
reject_unauth_destination,
# allow postmaster and other system addresses to pass
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
reject_invalid_hostname,
reject_non_fqdn_hostname,
# policyd
check_policy_service inet:127.0.0.1:10031,
# check for helos faking me
check_helo_access hash:/etc/postfix/helo_checks,
# spammy ip ranges
check_client_access cidr:/etc/postfix/client_checks.cidr,
# spammy domain names
check_sender_access hash:/etc/postfix/sender_checks,
# spammy domain names
check_client_access hash:/etc/postfix/client_checks,
# postgrey
check_policy_service inet:127.0.0.1:60000,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
See anything there that would break or otherwise not work well if I move policyd
to the end?
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users
